Why is my keyboard connected to the cloud?

Everything is becoming a thing connected to the internet, but some things really shouldn’t be.

First cab off that rank should be input devices, because what sort of maniac thinks the advantages of a roaming cloud-based configuration outweighs the potential explosion in surface area to attack and compromise? That maniac is called Razer, and it has been connecting keyboards to its Synapse software for years.

At last week’s CES, Razer took it a step further when it announced it is adding support for users to use Alexa to control their peripherals.

“I don’t have any razer hardware to test, but they probably (like, *right now*) need to fix that.”

To Razer’s credit, the company fixed the issue within 24 hours; on the other hand, it allowed remote command execution in the first place.

Also in Razer’s favour is that it acknowledged it was responsible, which is more than can be said for Gigabyte.

On December 18, SecureAuth detailed an exchange of when it discovered that software utilities for Gigabyte and Aorus motherboards had privilege escalation vulnerabilities.

“There is ring0 memcpy-like functionality … allowing a local attacker to take complete control of the affected system,” SecureAuth said.

In trying to resolve what was clearly a serious issue, the security company could not locate a proper contact within Gigabyte, and headed over to its technical support team.

“Gigabyte is a hardware company and they are not specialized in software,” Gigabyte told SecureAuth on two different occasions in May.

In the end, SecureAuth said Gigabyte eventually responded by saying its products did not have any issues.

If a vendor with the experience and sales of Gigabyte responds by denying responsibility for its software, it doesn’t bode well for smaller players.

Gigabyte should stop distributing software as long as it keeps on throwing out the excuse that it is a hardware company.

And it is no small matter, because the utilities that the Taiwanese manufacturer puts out are built to manipulate hardware settings, and flash BIOSes.

If a bad actor was looking for a shortcut into a modern Windows system, trying to find your way in via Microsoft’s code will be time wasting when the camembert-like underbelly of a modern system is likely to be crap software from peripheral makers.

That tactic is not new, but with connectivity exploding, things are likely to get worse before it gets better, as with most things in the cyber realm.

ZDNET’S MONDAY MORNING OPENER:

The Monday Morning Opener is our opening salvo for the week in tech. Since we run a global site, this editorial publishes on Monday at 8:00am AEST in Sydney, Australia, which is 6:00pm Eastern Time on Sunday in the US. It is written by a member of ZDNet’s global editorial board, which is comprised of our lead editors across Asia, Australia, Europe, and North America.